From f030c87ee6b7f94e3704ae5c94667b7d46f30776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= Date: Sun, 11 Jul 2021 11:31:11 +0200 Subject: [PATCH] url-mode: abort when running into un-allocated scrollback memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When tagging URL cells (in preparation for rendering URL mode), we loop the URL’s entire range, setting the `url` attribute of all cells, and dirtying the rows. It is possible to create URLs that are invalid, and wrap around the scrollback, even though the scrollback hasn’t yet been filled. For example, by starting an OSC-8 URL, moving the cursor, and then closing the OSC-8 URL. These URLs are invalid, but are still rendered just fine. “Fine” being relative - they will typically fill the entire screen. But at least that’s a very clear indication for the user that’s something is wrong. The problem is when we hit un-allocated scrollback rows. We didn’t check for NULL rows, and crashed. This has now been fixed. --- CHANGELOG.md | 2 ++ url-mode.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index acea5f9c..f7bd40d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -53,6 +53,8 @@ URLs. * Double free of URL while removing duplicated and/or overlapping URLs in URL mode (https://codeberg.org/dnkl/foot/issues/627). +* Crash when an unclosed OSC-8 URL ran into un-allocated scrollback + rows. ### Security diff --git a/url-mode.c b/url-mode.c index 94c05b3a..524b8d1b 100644 --- a/url-mode.c +++ b/url-mode.c @@ -654,6 +654,11 @@ tag_cells_for_url(struct terminal *term, const struct url *url, bool value) c = 0; row = term->grid->rows[r]; + if (row == NULL) { + /* Un-allocated scrollback. This most likely means a + * runaway OSC-8 URL. */ + break; + } row->dirty = true; } }
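Review bot: In the CHANGELOG.md hunk, the new entry says "unclosed OSC-8 URL", but the commit message's example is a URL that is started, the cursor moved, and then closed, so the condition is an invalid or runaway URL range rather than a missing terminator. Suggest wording the entry to match, for example "Crash when an invalid (runaway) OSC-8 URL ran into un-allocated scrollback rows". The preceding entry carries an issue link; if a report exists for this crash, link it the same way.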
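Review bot: In the url-mode.c hunk, the new `if (row == NULL)` guard in `tag_cells_for_url()` only covers the row fetched after the `c = 0` wrap to the next line, and the `break` leaves the loop silently. Please confirm that the row for the URL's first cell, fetched outside the lines shown here, cannot be NULL as well, and consider a debug or warning log before the `break` so a runaway OSC-8 URL is diagnosable and not only visible as a screen full of tagged cells. The commit message also notes that these invalid URLs can still be created; since this check handles the symptom at tagging time, a follow-up that rejects or clamps the range when the OSC-8 URL is closed would remove the need for every consumer of the range to defend against it.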